This article walks through how to create a Kubernetes Cloud Provider with a Service Account Token.
Steps:
1.) Log in to the Kubernetes cluster.
2.) Use the command below to create a service account.
Here the service account is named test-account:
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: test-account
EOF
If the service account already exists, you can list it with:
kubectl get serviceaccounts
3.) Create the secret for the service account.
Here the secret is named test-account-secret, and the annotation specifies the service account name:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: test-account-secret
  annotations:
    kubernetes.io/service-account.name: test-account
type: kubernetes.io/service-account-token
EOF
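4.) Create the cluster role binding. The command below binds test-account in the default namespace to the cluster-admin ClusterRole, which grants full control of the cluster: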
kubectl create clusterrolebinding test-account --clusterrole=cluster-admin --serviceaccount=default:test-account
5.) Run the following to obtain the service account token:
SERVICE_ACCOUNT_NAME=test-account
NAMESPACE=default
# Use the Secret created in step 3. On Kubernetes 1.24 and later the
# ServiceAccount's .secrets list is not populated, so looking the name up
# with jq -r '.secrets[].name' does not work there.
SECRET_NAME="${SERVICE_ACCOUNT_NAME}-secret"
# The token is stored base64-encoded in the Secret's data.
TOKEN=$(kubectl get secret "${SECRET_NAME}" --namespace "${NAMESPACE}" -o json | jq -r '.data["token"]' | base64 -d)
echo "$TOKEN"
The TOKEN you get here looks like this, for example:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
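Use this value as the Service Account Token when creating the Kubernetes Cloud Provider.
Verify that the service account has cluster-admin access using kubectl. The commands below register the token as a kubectl user named testadmin and switch the current context to that user: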
kubectl config set-credentials testadmin --token=$TOKEN
kubectl config set-context --current --user=testadmin
Once this is done, you can try creating an infra definition using this Cloud Provider.
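As an added example (not part of the original article): the token obtained in step 5 is a JWT, so its claims can be read locally to confirm that it belongs to test-account and to see whether it expires before it is pasted into the Cloud Provider. The sample token and its claim values are constructed, and the helper function names are this example's own.

```shell
#!/bin/sh
# Added example: inspect a service account token's claims locally.
# Uses only printf, tr, cut, sed, grep and base64.

# Decode one base64url JWT segment (JWTs omit the '=' padding).
b64url_decode() {
  _s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in
    2) _s="${_s}==" ;;
    3) _s="${_s}=" ;;
  esac
  printf '%s' "$_s" | base64 -d
}

# Print the decoded payload (second dot-separated segment) of a JWT.
jwt_payload() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# Print a top-level string claim; prints nothing if the claim is absent.
jwt_claim() {
  jwt_payload "$1" | tr -d '\n' |
    sed -n "s|.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*|\1|p"
}

# Usage: check_sa_token TOKEN NAMESPACE SERVICE_ACCOUNT
# Reports whether the token expires; succeeds only if "sub" matches.
check_sa_token() {
  if jwt_payload "$1" | grep -q '"exp"[[:space:]]*:'; then
    echo "expiry: set"
  else
    echo "expiry: none (long-lived token)"
  fi
  [ "$(jwt_claim "$1" sub)" = "system:serviceaccount:$2:$3" ]
}

# Constructed sample shaped like the Secret-based token from step 5.
# The signature is a dummy string, so this is not a usable credential.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"iss":"kubernetes/serviceaccount",
"kubernetes.io/serviceaccount/namespace":"default",
"kubernetes.io/serviceaccount/secret.name":"test-account-secret",
"kubernetes.io/serviceaccount/service-account.name":"test-account",
"sub":"system:serviceaccount:default:test-account"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256"}').$(b64url "$SAMPLE_CLAIMS").dummy-signature"

check_sa_token "$SAMPLE_TOKEN" default test-account && echo "subject: ok"
```

With a real token, run check_sa_token "$TOKEN" default test-account. The check only reads the claims and does not validate the signature.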